TryHackMe! Upload Vulnerabilities - File Upload Vulnerabilities & Exploit - Complete walkthrough

In this video I will take you through a longer and more complete walkthrough of the Upload Vulnerabilities & Exploit room on TryHackMe. Insecure file upload vulnerabilities are quite serious, so please watch it all and learn how to penetration test for Upload Vulnerabilities & Exploit.

Comments

Hey bro just want to say I always go to your page when I get stuck on something for a while, you're helping me out a lot. Thanks man!

invader

I just discovered your channel. Thank you very much for your very clear, effective and concise content.

azerty

Thank you so much for this, not going to lie the last challenge was kinda kickin my ass

omn

Lost it at your reaction to being rick roll'd. Thanks a lot for this.

jakeed

Thank you for everything that you explained and did in this video. At first the (OWASP Juice Shop) and (Upload Vulnerabilities) sites would not work till I re-configured my settings. Thank you again!

Darth_Maul

I'm confused at 1:00:50: why did you have to change the filetype of the shell to .jpg if you removed the file-type restrictions? Couldn't you just upload the .php shell file directly?

ver

Yo, just watched your video on File Inclusion vulnerabilities and it's got me hyped for the day ahead! 🙌🔥 Your explanations were on point and made understanding these concepts so much easier. Thanks for breaking it down in such a clear and concise way! Can't wait to dive into more of your content and level up my web hacking skills. Keep dropping those knowledge bombs, fam! 💣💻 #TryHackMe #WebHacking #KnowledgeIsPower

polycapmuniu

Thank you!
I like the idea of disabling JavaScript on the client side; this way you know for sure if the application completely relies on the front-end to validate file uploads or not.

And for the script.js file at 39:35, it seems that it was obfuscated. There are some good JavaScript deobfuscators online out there if you encounter such files.

eyfikzp

Thanks so much for this video. This has been helpful. Great job!

Rockadocious

Thank you for all your content! I've watched A LOT of your videos and learned A LOT from you. Friend to friend...you would solve most of these questions/challenges 10x faster if you just slowed down. You're very fast to a fault sometimes. :)

iCyberVenom

I can't get through forwarding. It never goes there when I forward; it just stays blank on Burp. I can't access the assets/js/uploadjs

Fullyraw

One more question. Does a reverse shell automatically execute after being successfully uploaded? If yes, then why?

zidreel

On Task 9 I did exactly what you did, step by step, but when I clicked Upload, it just says No file selected. What am I missing?

dustinarand

Haven't watched the video yet but thanks for uploading it! My question is, is there any way to bypass a system that explicitly converts every uploaded file to a specific format (like JPG)? I successfully sent the file to the server. The only problem is that the server converts it to JPG, nullifying the chance of remote execution. I know it's not that easy to bypass. But any tips here will surely help. Thanks

zidreel

I must be having a Monday on Tuesday, over an hour on Task 7, and the submit fails every time.

xCheddarBbx

I am stuck in this room maybe tomorrow I'll do it 😃

rtrdr

Why does Burp Suite not intercept the JS file?

EgyptianJoker

Hey, thanks a lot for the videos, they are really great. One question I have: I have done and understood everything up till where we execute our file. I used gobuster to enumerate my file, used every 3 worded file results but I keep getting "Module does not exist". Could you help me with this please? And also, another file I uploaded had a .js extension (used Burp Suite to intercept and change the MIME type) but all the files I see enumerated have a .jpg extension. Thanks a lot again in advance man.

furkanveliisk